Vulnerability Description
Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP requests to a web application. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1088.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Tomcat | 7.0.0 |
References
- http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.70
- http://marc.info/?l=tomcat-user&m=129966773405409&w=2
- http://markmail.org/message/lzx5273wsgl5pob6
- http://markmail.org/message/yzmyn44f5aetmm2r
- http://secunia.com/advisories/43684Vendor Advisory
- http://securityreason.com/securityalert/8131
- http://svn.apache.org/viewvc?view=revision&revision=1079752Patch
- http://tomcat.apache.org/security-7.html
- http://www.osvdb.org/71027
- http://www.securityfocus.com/bid/46685
- http://www.vupen.com/english/advisories/2011/0563Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65971
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66154
- http://mail-archives.apache.org/mod_mbox/www-announce/201103.mbox/%3C4D6E74FF.70
- http://marc.info/?l=tomcat-user&m=129966773405409&w=2
FAQ
What is CVE-2011-1419?
CVE-2011-1419 is a vulnerability with a CVSS score of 5.8 (MEDIUM). Apache Tomcat 7.x before 7.0.11, when web.xml has no security constraints, does not follow ServletSecurity annotations, which allows remote attackers to bypass intended access restrictions via HTTP re...
How severe is CVE-2011-1419?
CVE-2011-1419 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1419?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Tomcat.